Mobile security remains a struggle: CanSecWest calls attention to flaws in Android and BlackBerry 10, while a newly discovered encryption weakness in iOS 7 could put iPad and iPhone owners at risk.

Phones running iOS 7 are potentially susceptible to a kernel exploit detailed at CanSecWest.(Credit: Apple)

VANCOUVER — A change that Apple imposed to make iOS 7 more secure instead has dramatically weakened the security of devices running that mobile operating system, a security researcher has charged.

At the CanSecWest conference here last week, Azimuth Security researcher Tarjei Mandt said that Apple made a major mistake when it changed its random-number generator to make its kernel encryption tougher in iOS 7. The kernel is the most basic level of an operating system and controls things like security, file management, and resource allocation.

“In terms of security, it’s much worse  than iOS 6,” Mandt said. Soon after his presentation Wednesday in the Grand Ballroom of the Sheraton Wall Centre, he published his presentation slides (PDF) and supporting whitepaper (PDF) as evidence.

And in a testament to the enduring challenges of getting mobile security right, other presentations at CanSecWest also called attention to flaws in the Android and in BlackBerry 10 mobile OSes.

How Apple left the iOS 7 kernel vulnerable

The technical and complicated change boils down to how Apple calculates randomly generated numbers used in the encryption of the kernel. If the numbers can be guessed, their randomness is irrelevant, and the kernel — key to control of the computer, or in this case the iOS phone or tablet — can be compromised.

Apple, he explained, recognized that the method of generating random numbers in iOS 6 could be improved on. Its security engineers leveraged the phone’s CPU clock counter on earlier version of iOS, Mandt said.

“That’s not very good, but still somewhat unpredictable,” he said.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has “more correlation” between the values it generates. That makes them easier to extrapolate and guess, he said.

“Normally, you shouldn’t be able to get any of these values in the first place,” Mandt said.

The kernel exploit is severe, although Mandt did not pair it with a vulnerability. Still, that means that anybody who can find an unpatched vulnerability in iOS 7, such as the “goto fail” vulnerability that was patched last month, can gain kernel-level access.

Apple appears to be taking the flaw seriously, but did not return a request for comment. CNET will update the story when the company responds.

“Apple [security engineers attending CanSecWest] approached me afterwards and they appeared to be kind of concerned,” he said. But he cautioned that this exploit should not be underestimated, and that left unfixed, it would effectively roll back 10 years of security-hardening techniques in iOS.

Diagram of how iOS 7 generates random numbers for encryption.

(Credit: Azimuth Security)

Using jiu-jitsu to fix Android fragmentation flaws

An Android presentation just after Mandt’s asserted that the one-two punch of Android fragmentation has placed Android users at risk of missing out on important security updates. That’s not going to be fixed anytime soon, they said.

The issue, argued Jon Oberheide of Duo Security and Northeastern University security researcher Collin Mulliner, lies in how Android devices receive — or more precisely, don’t receive — their updates.

“In terms of security, [Apple’s iOS 7 is] much worse than iOS 6.”
–Tarjei Mandet, Azimuth Security

“The Chrome guys will deliver an update within 24 hours. On Android, it can take months and years,” said Oberheide. “Your carrier doesn’t have a lot of incentive to fix your ancient HTC Evo. They want you to buy the latest and greatest device.”

So, the pair said, even when Google patches Android security flaws, the handset manufacturer and the carrier effectively stop patches from reaching the people who need them.

Android security apps can’t be relied on, Mulliner said, because they’re fighting Android malware — something that he said just isn’t a big problem in most regions.

“None of the big antivirus or security companies are doing a really good job because they’re all concerned with stopping malware,” he said.

Another dead-end, he said, is that Android architecture “doesn’t allow” partial updates.

Collin Mulliner shows off his Android app ReKey that uses known Android vulnerabilities to go in and secure your device.(Credit: Seth Rosenblatt/CNET)

“Google should be able to update anything that’s not kernel, but to do that you have to separate everything much better in the code,” Mulliner said. “Technically, it’s possible, but I could see the manufacturers not wanting to allow that because then you lose part of the device.”

However, they did hit on a method that flips unpatched exploits into tools for patching the bugs. Starting work at the end of 2012, it uses third-party vulnerability patches, independent of both device and Android version.

“Version numbers don’t tell you anything anymore, whether you buy one device for yourself or 100 devices for your company,” Mulliner said.

“There’s one patch for many devices, with no performance problems, and the patch self-contained,” Oberheide told the crowd.

“The Chrome guys will deliver an update within 24 hours. On Android, can take months and years.”
–Jon Oberheide, Duo Security

Their first app, called ReKey, delivers a fix for the MasterKey bug.

They’ve built it to require the owner to root the phone first, so that it can’t be turned into a universal malware delivery tool, and they caution that it’s not for all Android owners. People who use Nexus devices and third-party custom ROMs such as CyanogenMod generally get updates much faster than the rest of Android owners.

Afterward, Mulliner dispensed some advice to people who want to buy Android phones. From a security point of view, he said, “Buy only Nexus devices.”

New BlackBerry era brings new risks

The QNX-based BlackBerry 10 is a major change for BlackBerry for many reasons, not the least of which are its security implications. The hardened, security-focused platform of the legacy BlackBerry OS made that the ideal mobile operating system for large businesses and governments.

Security researchers Ben Nell of Accuvant and Zach Lanier of Duo Security said that BlackBerry 10 opens itself up in ways that previous versions of BlackBerry didn’t, because it was fused on top of QNX, which powers everything from space shuttles to car operating systems.

“Some of the security enhancements introduced in BlackBerry 10 might help mitigate core issues in QNX, but not in other iterations of QNX,” said Lanier. But combining QNX with legacy BlackBerry, he said, “they inherited some bugs, fixed others, and introduced some new ones.”

A slide from Ben Nell and Zach Lanier’s presentation on why it’s important for security researchers to test how secure BlackBerry 10.(Credit: Ben Nell/Zach Lanier)

Lanier noted that BlackBerry is pushing for QNX to be the top “Internet of Things” platform, but by combining QNX with mobile BlackBerry, the company could be putting at risk some of the infrastructure implementations of QNX — such as power plants.

“You may not want to shut down a nuclear reactor [running QNX] for maintenance,” he said. “If QNX continues to gain popularity outside of BlackBerry 10, there will be other issues that will crop up.”

One area where BlackBerry 10 is at risk, they said, is app permissions. “There are a couple of permissions that are in there that allow sockets to be open to the Internet. Any app can do it,” they said.

“We did report things like oversights in file permissions,” said Nell, “the sorts of things that were related to legacy bugs.”

Another problem with BlackBerry 10 is that minor vulnerabilities and weaknesses, along with some of those legacy bugs, could be chained together to cause bigger problems.

“If you had corporate email on the device, we could read your corporate email. It was a series of small issues that chained together were a bigger problem,” Nell said. He was reluctant to talk further about specifics, for fear of revealing problems that haven’t yet been reported publicly.

“You may not want to shut down a nuclear reactor [running QNX] for maintenance.”
–Zach Lanier, Duo Security

Nell got his start on BlackBerry research when his company was hired by a potential BlackBerry client to check out how secure BlackBerry 10 actually was. He and Lanier refused to discuss specifics because of a two-year nondisclosure agreement that Nell signed, a common practice in the security world.

Other areas they thought of looking at, but wouldn’t comment on because of their nondisclosure agreement, included checking on how the processes communicate with each other, and privilege escalations of the kind that had Mandt looking into iOS. A bug of either of those types likely would apply to both BlackBerry and QNX.

In the end, Lanier said that he’d recommend BlackBerry 10 as an enterprise device, but not for “bring your own device” customers. Unfortunately for BlackBerry, the dual-use feature of BlackBerry 10 that lets owners switch between work and home modes was designed to appeal precisely to the BYOD crowd.

“To BlackBerry’s credit,” said Lanier, “they baked in all the management features, the separation of work data and user data, from the get go. Now if only they could get people to use it.”